Integrated Safety Moves Beyond Outlier Status

Integrated safety continues to develop more potent solutions, driven by this year's deadline for complying with European safety standards which make it a requirement to calculate the performance level achieved by each safety function in a system.

But the equally important ongoing trend is a view of integrated safety as a key component in the drive to productivity and enhanced diagnostics. Along with a move to wireless operation, these developments are resulting in a new generation of machines that are increasingly being implemented using a single controller and one network for both failsafe and non-safe devices.

Impact of Safety Standards

"The biggest dynamic for safety systems
continues to be standards development with EN/ISO 13849 becoming mandatory this
year," says Tim Roback, manager of marketing - Safety Systems for Rockwell
Automation. "That standard is fundamentally changing the way the industrial
market thinks about safety. It is driving different behavior for the automation
supplier, the machine builder and the end user."

EN 954-1 "Safety of Machinery" is a prescriptive standard that
explains how to set up a safety system in terms of required component features
and wiring configuration. However, EN/ISO 13849, which is scheduled to replace
EN 954-1 at the end of this year, includes a reliability component associated
with the determination of safety levels. Every component in the safety system
consumes a certain amount of the safety budget needed to achieve a required
safety level, and also affects the overall reliability of the system.

Machine builders now have a greater burden to calculate the
Performance Level (PL) achieved by each safety function. Under this
standard, if the system is complicated enough, a user can
select all Performance Level e (PLe)-rated products and still not achieve
an overall PLe rating for the system. The reason is that individual
components may consume varying amounts of the overall safety budget, and the
reliability impact associated with the safety components is cumulative.

"Now you have to be more knowledgeable regarding the design of
your safety system and the parameters which affect the Performance Level
calculations," says Roback. "Additionally you need to access safety data
associated with each component within a safety system."

Understanding these reliability aspects is challenging safety
product providers to make sure that data is readily available and up-to-date.
Increasingly, the safety market is introducing safety calculators to simplify
the calculation process. Some calculators are developed by safety product
providers, while others are developed by independent safety agencies and are
free to use. Regardless of the calculator used, a critical requirement for the
machine builder is that the libraries contain the safety data relevant for the
components they intend to use in their systems.
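
The budget arithmetic such calculators automate can be sketched in a few lines. This is an added example, not code from any vendor or agency tool; the PFHd figures are constructed, the function names are hypothetical, and it assumes a simple series chain in which the subsystems' PFHd values add, ignoring the category, diagnostic coverage and common-cause requirements that a full evaluation also checks.

```python
from math import fsum

# ISO 13849-1 Performance Level bands, as the exclusive upper bound on PFHd
# (average probability of a dangerous failure per hour), best level first.
PL_BANDS = [("e", 1e-7), ("d", 1e-6), ("c", 3e-6), ("b", 1e-5), ("a", 1e-4)]
PL_ORDER = "abcde"  # weakest to strongest

def pl_from_pfhd(pfhd):
    """Return the PL letter for a PFHd value, or None if worse than PL a."""
    if pfhd <= 0:
        raise ValueError("PFHd must be positive")
    for letter, upper in PL_BANDS:
        if pfhd < upper:
            return letter
    return None

def evaluate_safety_function(subsystems, required_pl):
    """subsystems: list of (name, PFHd) pairs forming one series chain."""
    total = fsum(pfhd for _, pfhd in subsystems)
    achieved = pl_from_pfhd(total)
    budget = dict(PL_BANDS)[required_pl]
    meets = (achieved is not None
             and PL_ORDER.index(achieved) >= PL_ORDER.index(required_pl))
    return {
        "total_pfhd": total,
        "achieved_pl": achieved,
        "meets_requirement": meets,
        # Fraction of the required level's budget each component consumes.
        "budget_share": {name: pfhd / budget for name, pfhd in subsystems},
    }

# Constructed sample chain: every component is PLe on its own (PFHd < 1e-7).
SAMPLE_CHAIN = [
    ("light curtain", 3.0e-8),
    ("safety input module", 2.5e-8),
    ("safety controller", 2.0e-8),
    ("safety output module", 2.5e-8),
    ("drive safe-torque-off", 3.0e-8),
]

if __name__ == "__main__":
    result = evaluate_safety_function(SAMPLE_CHAIN, "e")
    print(f"total PFHd = {result['total_pfhd']:.2e}, "
          f"achieved PL{result['achieved_pl']}, "
          f"meets PLe: {result['meets_requirement']}")
    for name, share in result["budget_share"].items():
        print(f"  {name}: {share:.0%} of the PLe budget")
```

In the sample chain every component is individually PLe, yet the five together exceed the PLe budget and the function as a whole rates PLd.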

Machine builders who need to comply with EN/ISO 13849-1 will be
forced to reevaluate their existing safety systems. Roback says that when they
do that, they're also going to learn some things about what they actually need
in terms of risk reduction and mitigation.

"I think they'll find that, in
some cases, maybe they don't need as much risk mitigation as they originally
thought," says Roback. "It's also going to require some flexibility to
implement exactly the level of safety they need. The macro trend we see coming
is an industry that is becoming more intelligent consumers of safety, and
helping drive optimized safety solutions."

One Network, One Controller

An important ongoing trend with networked
safety is the combination of failsafe operation and motion control in one
controller. In the past, automated systems had a separate controller for motion
and another controller for safety, but now all of these functions are often
available in a single controller on one network.

With the move to networked safety systems, especially those using
industrial Ethernet, there are larger numbers of devices available on the
network such as failsafe motor starters and drives. Most of these devices have
traditionally been hardwired and provide a minimal level of diagnostics.

"The main impetus behind putting safety on a network is to
increase productivity," says John D'Silva, marketing manager - Safety
Integrated for Siemens Industry Inc. "The level of diagnostics that is
available, for example, has a direct impact on reducing downtime."

"Now with safety networks, a large amount of safety data can be
passed over the network in a failsafe way. This facilitates designing complex
safety systems and architectures that are easy to implement," says D'Silva.

Another key trend picking up speed is wireless safety. In
automotive and aerospace assembly operations, as well as warehouses, distribution
centers and material handling applications, the incentive is strongest where it is
difficult and expensive to do all of the wiring required to integrate the
safety systems. Wireless is the perfect fit for these applications because there
is a desire to get rid of the wires. The technology is also easier and faster to
implement, and uses a minimal amount of floor and cabinet space.

An added feature of wireless safety is mobile safety panels.
E-stops can be implemented on these panels because the location of the HMI panel
has long played a central role in the diagnostic process. To determine the
source of a problem, the operator often needed to go physically to the HMI.
What the mobile safety panel does, using the wireless connection, is provide
the operator with a safety panel in their hands. With the ability to walk
around the machine and view diagnostic screens, using switching zone controls
to view different parts of the process, the operator can control multiple
machines with safety included.

"Wireless is at the cutting-edge of technology for safety systems,"
says D'Silva. "The feedback we get from customers is that it saves so much in
terms of cable and cabling costs. It is great technology for OEMs because
normally they would set up a system, test it out, take it apart and then ship
it wherever it needed to go. Wireless makes it easier to build and ship systems
and helps them with installation and commissioning of systems."

The mobile safety panel is an addition for a complete safety
system with a PLC and a safety I/O. Now, the user has a wireless operator panel
in their hand and can walk around and make changes from machine to machine.

Wireless safety is quickly
moving into automotive and aerospace applications, especially for assembly
lines. With final assembly in aerospace, for example, there are long lines for
final assembly with a front section, back section and midsection all moving
together. People are working on the plane as it moves very slowly. Imagine
doing that with wires all around with the different front, mid and back
sections of the plane turning nearly 360 degrees.

"Now put a wireless system in and think of what it does for you,"
says D'Silva. "It changes the entire outlook of the plant in relationship to
flexibility and cost effectiveness."

Networked Safety Trends

"The original driver for the safety
network was to minimize wiring compared to hardwired systems in the past that
required longer runs of wiring. But once you add a network, a more significant
driver is access to status or diagnostic information," says Chuck Lukasik,
director of the CC-Link Partner Assn.

"If a safety switch or pull chain causes the system to shut down,
now it's far easier to find out more information than in the past where
components were individually wired. In general, safety networks are really
driven by two areas: cost reduction and ease of troubleshooting."

Going a step further, a safety system generally has a lot more
going on than the actual safety inputs and other outputs that have to be
controlled. Other devices, such as indicator lights or devices that feed parts
to a robot, for example, aren't considered part of the safety system.

Increasingly, networks such as CC-Link Safety are able to have
these devices on the same network including safety I/O devices as well as
non-safety I/Os, so that the controller can perform those additional functions
in addition to the safety functions.

"It seems like more people
have a desire to incorporate non-safe devices on the same network as the safe
devices," says Lukasik. "The reporting aspect is also growing significantly
with intelligent devices providing more internal diagnostics."

Later this year, Lukasik says that CC-Link IE Field, which is the
industrial Ethernet version of CC-Link, will be adding safety functionality to
become the next-generation safety network within the CC-Link family. The
current version of CC-Link Safety is an RS485-based network, which is not
Ethernet-based technology. This new safety network will operate at gigabit speed
on Ethernet, and allow safety devices and non-safety devices on the same
network.

"Like CC-Link IE Field, the safety version will feature a
standard Ethernet physical layer," says John Wozniak, P.E., automation
networking specialist for the CC-Link Partner Assn. "One of the differentiators
is the gigabit speed of CC-Link IE Field compared to other networks that
typically operate at 100 megabit. As time goes on, the demand for faster
networks just keeps marching on."

Another key differentiator is no requirement for the use of
additional physical layer hardware such as switches in order to achieve
absolute determinism. EtherNet/IP or Profinet networks, for example, typically
require use of managed switches for every field device, which adds more
hardware to the total system and increases setup complexity.

With CC-Link IE Field devices, such as an I/O block or an HMI,
each one has two RJ45 ports. So future devices compatible with the new IE Field
Safety will have a specific ASIC built into the device. Connecting additional
devices is done in a daisy chain fashion rather than requiring additional
network hardware such as Ethernet switches.

Importance of Integrated Diagnostics

"One of the biggest advantages with
integrated safety is the integrated diagnostic functionality. In the past,
machine and safety controls used to be separate from each other," says Stephan
Stricker, product manager for B&R Industrial Automation. "Machine builders
were used to working with
additional inputs for diagnostics, if they wanted to find out that somebody had
pressed an E-stop button, etc. Now, more and more customers are realizing the
value of the integrated diagnostics within their safety system because it
brings added benefits to the machine."

Stricker says a key trend is that OEMs are starting to rethink
their safety automation strategy when they design machines. For them, safety is
not a requirement anymore, but a way to improve their machine's functionality
that provides them a competitive advantage. With printing machines, for
example, it's a huge benefit if the end user can keep the machines running
while refining the process or addressing potential safety issues.

"If a person steps into a machine's safety zone, there usually is
a neutral area before the person reaches into the really dangerous zone," says
Stricker. "In this case the machine can slow down, once the person is in the
neutral area, or at least decelerate more slowly rather than come to a complete
full stop that would happen in a real emergency situation. That's a huge
benefit because these machines require a lot of effort to start them back up
from a full stop."

The major issue is not just production downtime, but the effort
and manual time required to restart the machine. In most cases, stopping one
part of the machine line is affecting the whole production process. With a
bottling machine, all of the production in front of the line would also have to
stop. It's a whole chain that comes to a complete stop and then needs to be
restarted again. Stricker says that these kinds of situations can now be
avoided with programmable safety.

One interesting development
from B&R Industrial Automation is the ability to change the safety system
set-up on-the-fly using an approved certification procedure. In the past, an
engineer would need to be available to manually update a machine because an end
user couldn't change the safety software on a running machine. "Now we have a
software and technology procedure that allows this for customers, and enables
them to use a lot of different machine options," says Stricker.

If a machine has different sections that can be
assembled or disassembled on a weekly or monthly basis, a consistent safety
solution can become difficult. The traditional way would be to see each section
as an individual safety part. Integrated safety allows you to have one single
safety controller that adjusts the safety configuration according to the hardware
that is connected. With certified function blocks this can be done through the
operator interface. The safety controller will automatically make sure that the
connected hardware has the correct safety setup.

Yes, and there is also a lot of confusion about what integrated safety actually means. Is it on the same cable, but separate? That's a common solution. Run it on the same bus, but it is actually separate from control. That gives you efficiency while you still get church/state separation. The big vendors are now offering true integration of safety and control. Apparently that allows for more diagnostics and even greater efficiency. For some control engineers, however, this makes the hair on the back of the neck stand up.

I agree with you 100%, Sgt Rock. We not only need industry-wide standards, we need a common understanding (training?) on what those standards are. I've been in a number of situations where a customer will quote some version of a safety standard as mandatory but have no clue what it means or what options are to be included.

I agree that the use of integrated safety systems is gaining both acceptance and use, but I believe that it is still in its infancy. This concept is a true blessing to both the manufacturer and the end user. Unfortunately, I also believe that this causes a great deal of confusion for that end user when they move towards implementation. Most of the confusion is caused during the interpretation of the safety statutes and regulations. This results from the differing expectations of the many governmental agencies involved. As an industry we need to work together and push for standardized regulations which ideally would include the many wonderful concepts and innovations listed in the article. Why is it acceptable in one country to have an e-stop located inside a safety enclosure, say, for a robotic palletizer, but it's not okay here in the USA? Agreeably I don't think it makes good sense to have it located there, but again there needs to be an industry-wide push for standardization so that we can take advantage of these tools.

Integrated safety has come a long way to acceptance in just the last few years. The city/state separation between safety and motion control has broken down, which frees plant managers to deploy more efficient systems.
